| Re: Avpo.exe, what is it? OK, I'm sending you the reports:
SDFix:
SDFix: Version 1.177
Run by Administrador on 01/05/2008 at 03:22 p.m.
Microsoft Windows XP [Versión 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Archivos de programa\Setup.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 17:01:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"=""C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe" /uninstall"
"DisplayIcon"="C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe"
"DisplayVersion"="2.0.2"
"Publisher"="TrendMicro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1]
"Inno Setup: Setup Version"="5.1.5"
"Inno Setup: App Path"="C:\Archivos de programa\Eset"
"InstallLocation"="C:\Archivos de programa\Eset\"
"Inno Setup: Icon Group"="Eset"
"Inno Setup: User"="Administrador"
"DisplayName"="NOD32 FiX v2.1"
"UninstallString"=""C:\Archivos de programa\Eset\unins000.exe""
"QuietUninstallString"=""C:\Archivos de programa\Eset\unins000.exe" /SILENT"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Archivos de programa\\Messenger\\msmsgs.exe"="C:\\Archivos de programa\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"="C:\\Archivos de programa\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Archivos de programa\\EA GAMES\\American McGee's Alice\\alice.exe"="C:\\Archivos de programa\\EA GAMES\\American McGee's Alice\\alice.exe:*:Enabled:American McGee's Alice"
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"="C:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Archivos de programa\\Ares\\Ares.exe"="C:\\Archivos de programa\\Ares\\Ares.exe:*:Enabled:Ares"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Archivos de programa\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Archivos de programa\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Archivos de programa\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Archivos de programa\\Prodigy Infinitum\\Uninstaller.exe"="C:\\Archivos de programa\\Prodigy Infinitum\\Uninstaller.exe:*:Enabled:Quitar Prodigy Infinitum Módem Router"
"C:\\Archivos de programa\\Asistente Prodigy\\SRT.exe"="C:\\Archivos de programa\\Asistente Prodigy\\SRT.exe:*:Enabled:Asistente Prodigy"
"C:\\Archivos de programa\\eMule\\emule.exe"="C:\\Archivos de programa\\eMule\\emule.exe:192.160.1.64/255.255.255.255:Enabled:eMule"
"C:\\IE7\\iexplore.exe"="C:\\IE7\\iexplore.exe:*:Enabled:iexplore"
"C:\\Archivos de programa\\Internet Explorer\\iexplore.exe"="C:\\Archivos de programa\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Archivos de programa\\iTunes\\iTunes.exe"="C:\\Archivos de programa\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"="C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Archivos de programa\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe"
Thu 1 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 Aug 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Fri 21 Jul 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Mon 22 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 2 Feb 2008 1,123,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9ef9933da35bdbcb8d9cd93868ba3092\BIT2B2.tmp"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a187565d10d360502f64c0bf9b8\BIT1.tmp"
Thu 27 Oct 2005 4,348 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\Copia de seguridad de la licencia\drmv1key.bak"
Thu 27 Oct 2005 401 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\Copia de seguridad de la licencia\drmv1lic.bak"
Thu 27 Oct 2005 312 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\Copia de seguridad de la licencia\drmv2key.bak"
Thu 27 Oct 2005 1,536 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\Copia de seguridad de la licencia\drmv2lic.bak"
Thu 1 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\License Backup\drmv1key.bak"
Fri 21 Jul 2006 401 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\License Backup\drmv1lic.bak"
Fri 4 Nov 2005 312 A.SH. --- "C:\Documents and Settings\Nydia\Mis documentos\Mi música\License Backup\drmv2key.bak"
Mon 17 Jan 2005 20,480 A..H. --- "C:\Documents and Settings\Nydia\Mis documentos\DISCO REGRABABLE\ARLETTE\EmotikonesNew\Emoticons.exe"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Datos de programa\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"
Finished!
Superantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/01/2008 at 05:27 PM
Application Version : 4.0.1154
Core Rules Database Version : 3448
Trace Rules Database Version: 1440
Scan type : Complete Scan
Total Scan Time : 00:08:39
Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 4843
Registry threats detected : 0
File items scanned : 0
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\Nydia\Cookies\nydia@atdmt[1].txt
C:\Documents and Settings\Nydia\Cookies\nydia@ads.us.e-planning[1].txt
I can't find the Malwarebytes one; I already looked for it and I think I didn't save it. Is it worth running it again and sending you the report?
Well, I ran it again, and it turned up the same malware (VideoEgg), although it now appears in far fewer places.
Here is the report:
Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 707
Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 106232
Tiempo transcurrido: 1 hour(s), 7 minute(s), 52 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 3
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)
Regards
Nydia
Last edited by SIOUXSIE_5 on 01/05/08 at 21:12:18.
Reason: new information
|